Claims 



1. A communication system including a first communication 

terminal, a second communication terminal , anda communication control 
5 server, the communication control server notifying destination 
information for specifying an address of the second communication 
terminal on a network, and the first communication terminal 
transmitting a request message to the communication control server 
to request the destination information, 

10 the communication control server comprising: 

a permitted-terminal table storage unit operable to store a 
permitted- terminal table that shows correlation between the second 
communication terminal and one or more connection -permitted 
communication terminals that are permitted to connect to the second 

15 communication terminal ; 

a request message reception unit operable to receive the request 
message; 

a terminal determination unit operable to determine, based 
on the permitted-terminal table, whether or not the first 
20 communication terminal that transmitted the received request message 
is a connection -permitted communication terminal; and 

a notification control unit operable to notify the first 
communication terminal of the destination information, only when 
the first communication terminal has been determined to be a 
25 connection -permitted communication terminal. 



The communication system of Claim 1, wherein 
the notification control unit includes: 
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an authentication information creation sub-unit 
operable to, only when the first communication terminal has 
been determined to be a connection -permitted terminal, create 
authentication information for the second communication 
5 terminal to authenticate the first communication terminal, 

the notification control unit further notifies the 
authentication information to the first communication terminal and 
the second communication terminal, 

the first communication terminal transmits the notified 
10 authentication information to the second communication terminal when 
making a connection request to the second communication terminal, 
and 

the second communication terminal comprises : 

a reception unit operable to receive the authentication 
15 information from the first communication terminal; 

a determination unit operable to determine whether or not the 
received authentication information and the notified authentication 
information match; and 

a connection control unit operable to permit a connection from 
20 the first communication terminal, only when the received 
authentication information and the notified authentication 
information match. 

3. The communication system of Claim 1, wherein 

25 the notification control unit includes: 

an encrypt key creation unit operable to create an encrypt 
key for encryption and decryption of information transmitted 
between the first communication terminal and the second 
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communication terminal , and 

the notification control unit further notifies the encrypt 
key to the first communication terminal and the second communication 
terminal . 

5 

4. The communication system of Claim 1, wherein . 

the notification control unit further, before notifying the 
first communication terminal of the destination information of the 
second communication terminal , transmits a query message to the second 
10 communication terminal, the query message querying as to whether 
or not the second communication terminal is able to accept a connection 
from the first communication terminal, 

the second terminal comprises : 

a reception unit operable to receive the query message; and 
15 a connection acceptability notification unit operable to 

determine, according to a load state upon receiving the query message, 
whether or not the connection from the first communication terminal 
is able to be accepted, and notify the communication control server 
of an acceptability notification message that shows a result of the 
20 determination, 

the notification control unit includes: 

a connection acceptability determination sub-unit 
operable to determine, based on the notified acceptability 
notification message, whether or not the second communication 
25 terminal is in a state of being able to accept the connection 

from the first communication terminal, and 

when the second communication terminal is in a state of being 
able to accept the connection, the notification control unit notifies 



the first communication terminal of the destination information. 

5 . The communication system of Claim 4 , wherein 

when the first communication terminal is determined not to 
5 be a connection -permitted terminal, the notification control unit 
notifies the first communication terminal of a notification message 
showing that the first communication terminal is not permitted to 
connect to the second communication terminal, and 

when the second communication terminal is in a state of being 
10 unable to accept the connection from the first communication terminal , 
the notification control unit notifies the first communication 
terminal that the second communication terminal is unable to accept 
the connection . 

15 6 . A communication terminal that is connected to a communication 

control server over a network, comprising: 

a permitted- communication terminal registration request unit 
operable to make a request, to the communication control server, 
to register one or more communication terminals that are permitted 
20 to connect to the communication terminal; 

an authentication information reception unit operable to, when 
a communication terminal that has requested destination information 
for specifying an address of the communication terminal on the network 
is any one of the communication terminals that are permitted to connect 
25 to the communication terminal, receive authentication information 
for authenticating the communication terminal that requested the 
destination information; 

an identification information reception unit operable to 
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receive, from the communication terminal that requested the 
destination information, a connection acceptance request and 
identification information that identifies the communication 
terminal that requested the destination information; 
5 a determination unit operable to determine whether or not the 

authentication information and the identification information match; 
and 

a connection control unit operable to permit a connection based 
on the connection acceptance request from the terminal that requested 
10 the destination information , only when the authentication information 
and the identification information match. 

7 . The communication terminal of Claim 6 , wherein 

the identification information reception unit further , before 
15 the connection acceptance request is transmitted, receives a query 
message from the communication control unit, the query message 
querying whether or not a connection from the communication terminal 
that requested the destination information is able to be accepted, 
and 

20 the connection control unit determines whether or not the 

connection from the first communication terminal is able to be accepted 
according to a load state upon receiving the query message , and noti f ies 
the communication control server of a result of the determination . 

25 8 . The communication terminal of Claim 7 , wherein 

the identification information reception unit, when the 
communication terminal is in a state of being unable to accept the 
connection from the communication terminal that requested the 

70 



destination information , receives a transfer ask noti f ication message 
from the communication control server, the transfer ask notification 
message notifying that a communication data transfer ask has been 
made by the communication terminal that requested the destination 
information, and 

the communication terminal comprises : 

a communication data acquirability determination unit operable 
to determine, according to a load state, whether or not the 
communication terminal has come to be in a state of being able to 
acquire the communication data; 

a transfer request message transmission unit operable to, when 
the communication terminal has come into a state of being able to 
acquire the communication data after the transfer ask notification 
message has been received, transmit a transfer request message that 
requests transfer of the communication data; and 

an acquisition unit operable to acquire the communication data 
transmitted from the communication control server in response to 
the transfer request message. 

9. The communication terminal of Claim 6, further comprising: 

a storage unit operable to store a plurality of types of 
communication data potentially transmitted to a callee communication 
terminal, each type of communication data being stored in 
correspondence with a respective data attribute thereof; 

a transmission unit operable to transmit a request message 
to the communication control server, the request message requesting 
destination information for specifying the address of a callee 
communication terminal on the network; 
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an acquisition unit operable to obtain the destination 
information notified by the server, only when the communication 
terminal is permitted to connect to the callee terminal; 

a connection establishment unit operable to establish a 
connection with the callee communication terminal based on the 
acquired destination information; 

a designation reception unit operable to receive a designation 
of communication data to be transmitted; 

a data attribute determination unit operable to determine 
whether or not the designated communication data has a specific data 
attribute ; 

a transfer ask unit operable to, when the designated 
communication data has the specific data attribute, ask the 
communication control server to transfer the designated communication 
data to the callee communication terminal ; and 

a transmission control unit operable to control such that (i) 
when the designated communication data has the specific data attribute, 
the designated communication data is transmitted to the communication 
control server, and (ii) when the designated communication data does 
not have the specific data attribute, the designated communication 
data is transmitted directly to the callee terminal . 

10. The communication terminal of Claim 9, wherein 
the transmission control unit includes : 

an extraction sub-unit operable to, when the designated 
communication data is MPEG -encoded video data, extract an I 
picture from the video data; and 

an encryption sub-unit operable to encrypt the extracted 



I picture, 

the transfer ask unit asks that the encrypted I picture be 
transferred to the callee communication terminal, and 

the transmission control unit transmits the encrypted I picture 
5 to the communication control server, and transmits remaining video 
data excluding the I picture directly to the connected callee 
communication terminal. 

11 . The communication terminal of Claim 9 , wherein 

10 the data attributes show whether or not the communication data 

is secret, 

the transfer ask unit, when the data attribute of the designated 
communication data shows that the designated communication data is 
secret, asks the communication control server to transfer the 
15 designated data to the callee communication terminal, and 

the communication control unit, when the data attribute of 
the designated communication data shows that the designated 
communication data is secret, encrypts the designated communication 
data, and transmits the encrypted designated communication data to 
20 the communication control server. 

12. The communication terminal of any of Claims 6 to 11, wherein 
the address is an IP address. 

25 13. The communication terminal of any of Claims 6 to 11, wherein 
the address is composed of an IP address and a port number. 



14. The communication terminal of any of Claims 6 to 13, wherein 
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the address changes from time to time . 

15. A communication control server that notifies destination 
information for specifying an address of a communication terminal, 
comprising : 

a permitted- terminal table storage unit operable to store a 
permitted -terminal table that shows correlation between the 
communication terminal and one or more connection -permitted 
communication terminals that are permitted to connect to the 
communication terminal; 

a request message reception unit operable to receive a request 
message from a request- source communication terminal, the request 
message requesting the destination information; 

a terminal determination unit operable to determine, based 
on the permitted terminal table, whether or not the request- source 
communication terminal is a connection -permitted communication 
terminal ; and 

a notification control unit operable to notify the 
request -source communication terminal of the destination information 
of the communication terminal, only when the request- source 
communication terminal is determined to be a connection -permitted 
communication terminal. 

16 . A connection control program used in a communication terminal 
that is connected to a communication control server over a network, 
the connection control program comprising : 

a permitted- communication terminal registration request step 
of making a request, to the communication control server, to register 



one or more communication terminals that are permitted to connect 
to the communication terminal; 

an authentication information reception step of, when a 
communication terminal that has requested destination information 
for specifying an address of the communication terminal on the network 
is any one of the communication terminals that are permitted to connect 
to the communication terminal, receiving authentication information 
for authenticating the communication terminal that requested the 
destination information; 

an identification information reception step of receiving, 
from the communication terminal that requested the destination 
information, a connection acceptance request and identification 
information that identifies the communication terminal that requested 
the destination information ; 

a determination step of determining whether or not the 
authentication information and the identification information match; 
and 

a connection control step of permitting a connection based 
on the connection acceptance request from the terminal that requested 
the destination information , only when the authentication information 
and the identification information match. 

17 . A computer -readable recording medium on which is recorded a 
connection control program used in a communication terminal that 
is connected to a communication control server over a network, the 
connection control program comprising: 

a permitted- communication terminal registration request step 
of making a request, to the communication control server, to register 



one or more communication terminals that are permitted to connect 
to the communication terminal; 

an authentication information reception step of, when a 
communication terminal that has requested destination information 
for specifying an address of the communication terminal on the network 
is any one of the communication terminals that are permitted to connect 
to the communication terminal, receiving authentication information 
for authenticating the communication terminal that requested the 
destination information; 

an identification information reception step of receiving, 
from the communication terminal that requested the destination 
information, a connection acceptance request and identification 
information that identifies the communication terminal that requested 
the destination information; 

a determination step of determining whether or not the 
authentication information and the identification information match; 
and 

a connection control step of permitting a connection based 
on the connection acceptance request from the terminal that requested 
the destination information , only when the authentication information 
and the identification information match. 

18 . A connection control method used in a communication terminal 
that is connected to a communication control server over a network, 
the connection control method comprising: 

a permitted- communication terminal registration request step 
of making a request, to the communication control server, to register 
one or more communication terminals that are permitted to connect 
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to the communication terminal; 

an authentication information reception step of, when a 
communication terminal that has requested destination information 
for specifying an address of the communication terminal on the network 
is any one of the communication terminals that are permitted to connect 
to the communication terminal, receiving authentication information 
for authenticating the communication terminal that requested the 
destination information; 

an identification information reception step of receiving, 
from the communication terminal that requested the destination 
information, a connection acceptance request and identification 
information that identifies the communication terminal that requested 
the destination information; 

a determination step of determining whether or not the 
authentication information and the identification information match; 
and 

a connection control step of permitting a connection based 
on the connection acceptance request from the terminal that requested 
the destination information , only when the authentication information 
and the identification information match. 



